feat: integrate AuthenticationController for bearer token handling in…#8843
Merged
Conversation
meltingice1337
temporarily deployed
to
default-branch
GitHub Actions
Inactive
meltingice1337
force-pushed
the
feat/TRAM-3502
branch
from
fb101e4 to
47ab3ba
Compare
meltingice1337
force-pushed
the
feat/TRAM-3502
branch
from
47ab3ba to
30578d8
Compare
Contributor
Author
|
@metamaskbot publish-previews |
Contributor
|
Preview builds have been published. Learn how to use preview builds in other projects. Expand for full list of packages and versions. |
amitabh94
approved these changes
May 19, 2026
pull Bot
pushed a commit
to Reality2byte/core
that referenced
this pull request
May 20, 2026
## Explanation Release 993.0.0 — two packages: - **`@metamask/ramps-controller`** `13.3.1` → **`14.0.0`** (major) - **`@metamask/transaction-pay-controller`** `22.6.1` → **`22.6.2`** (patch) `ramps-controller@14.0.0` ships MetaMask#8843, which authenticates `getBuyWidgetUrl` by requiring `AuthenticationController:getBearerToken` on its messenger. That's a breaking messenger-contract change, so major. `transaction-pay-controller@22.6.2` is a no-code-change patch that bumps its dep range on `ramps-controller` from `^13.3.1` to `^14.0.0`. Included to keep the dependency graph current and avoid duplicate `ramps-controller` copies in consumer node_modules. Its code doesn't touch any of the breaking surface. ## References - Feature PR: MetaMask#8843 - Mobile adoption (draft): MetaMask/metamask-mobile#30319 ## Checklist - [x] I've updated the test suite for new or updated code as appropriate - [x] I've updated documentation (JSDoc, Markdown, etc.) for new or updated code as appropriate - [x] I've communicated my changes to consumers by [updating changelogs for packages I've changed](https://github.com/MetaMask/core/tree/main/docs/processes/updating-changelogs.md) - [x] I've introduced [breaking changes](https://github.com/MetaMask/core/tree/main/docs/processes/breaking-changes.md) in this PR and have prepared draft pull requests for clients and consumer packages to resolve them <!-- CURSOR_SUMMARY --> --- > [!NOTE] > **Medium Risk** > Moderate risk because this release includes a **breaking** `@metamask/ramps-controller` messenger-contract change requiring consumers to delegate `AuthenticationController:getBearerToken` before calling `getBuyWidgetUrl`. The rest is version/changelog/dependency range updates with minimal runtime impact. > > **Overview** > Bumps the monorepo release version to `993.0.0` and publishes `@metamask/ramps-controller` `14.0.0` (major) and `@metamask/transaction-pay-controller` `22.6.2` (patch). > > `ramps-controller@14.0.0` documents a **breaking** change requiring `RampsServiceMessenger` consumers to delegate `AuthenticationController:getBearerToken`, and adds bearer-token authentication for `getBuyWidgetUrl` plus a new runtime dependency on `@metamask/profile-sync-controller`. > > `transaction-pay-controller@22.6.2` is a dependency-only update to consume `@metamask/ramps-controller@^14.0.0`, with corresponding `yarn.lock` updates. > > <sup>Reviewed by [Cursor Bugbot](https://cursor.com/bugbot) for commit b8f2fe6. Bugbot is set up for automated code reviews on this repo. Configure [here](https://www.cursor.com/dashboard/bugbot).</sup> <!-- /CURSOR_SUMMARY --> --------- Co-authored-by: Darius Costolas <10818970+meltingice1337@users.noreply.github.com>
4 tasks
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Explanation
RampsService.getBuyWidgetUrlpreviously issued unauthenticated requests to the ramps API (/providers/<provider>/buy-widget). The upstream API is being gated behind authentication, so without a bearer token the call will start to fail and break the Buy flow for every consumer (mobile, extension).This PR makes
getBuyWidgetUrlauthenticated by sourcing a bearer token fromAuthenticationControllervia the messenger and attaching it as anAuthorization: Bearer <token>header on the outgoing request.How it works:
RampsService.#getRequestHeaderscalls the messenger actionAuthenticationController:getBearerTokenand returns theAuthorizationheader. It is awaited once pergetBuyWidgetUrlinvocation (verified by a new test) before the request is dispatched through the existing#policy.executewrapper, so token retrieval happens outside the retry/circuit-breaker loop. If the token call rejects (e.g. wallet is locked, user signed out), the rejection propagates and no HTTP call is made — also covered by a new test.RampsServiceMessenger'sAllowedActionsis widened fromnevertoAuthenticationController.AuthenticationControllerGetBearerTokenAction. This is a breaking change to the messenger contract: consumers must delegate theAuthenticationController:getBearerTokenaction into the ramps messenger before callinggetBuyWidgetUrl.getBuyWidgetUrlis authenticated in this PR. Other endpoints (e.g.getGeolocation) remain unauthenticated and explicitly do not request a bearer token; this is locked in by tests that assertgetBearerTokenis not called and that noAuthorizationheader is sent for those endpoints.Dependency added:
@metamask/profile-sync-controller@^28.1.0is added as a runtime dependency solely for itsAuthenticationControllertype export (theAuthenticationControllerGetBearerTokenActionaction type). It is not instantiated byramps-controller; the implementing controller lives in the consuming app and is wired up via the messenger.Demo:
auth_demo.mp4
Test updates:
getBuyWidgetUrlnow assert theAuthorization: Bearer mock-bearer-tokenheader is present on the nock interceptor.getBearerTokenshort-circuits before any HTTP request; and the scope assertion thatgetGeolocationremains unauthenticated.getRootMessenger/getServicetest helpers now delegate theAuthenticationController:getBearerTokenaction and expose amockGetBearerTokenjest mock so individual tests can override the resolution behavior.References
Checklist
Note
Medium Risk
Medium risk due to a breaking messenger contract change requiring consumers to delegate
AuthenticationController:getBearerToken, and because it changes howgetBuyWidgetUrlperforms network requests by adding auth headers and failing early when tokens are unavailable.Overview
RampsService.getBuyWidgetUrlnow authenticates buy-widget requests by retrieving a bearer token via the messenger actionAuthenticationController:getBearerTokenand sendingAuthorization: Bearer <token>on the HTTP call.This widens
RampsServiceMessengerallowed actions (a breaking change for consumers that must delegate/register the new action), adds@metamask/profile-sync-controlleras a runtime dependency for the action type, updates TS project references, and extends tests to assert auth header behavior, token fetch call counts, and that unrelated endpoints (e.g.getGeolocation) remain unauthenticated.Reviewed by Cursor Bugbot for commit bdad742. Bugbot is set up for automated code reviews on this repo. Configure here.